Organization: Control Alt Growth
System: File Logic
Effective: December 2025
Purpose
To outline procedures for identifying, evaluating, and notifying affected parties of PHI breaches.
Definition of a Breach
Any unauthorized acquisition, access, use, or disclosure of PHI.
Breach Response Procedure
- Immediate containment
- Investigation (scope, impact, systems involved)
- Risk assessment of compromise
- Mitigation (patching, access revocation, data remediation)
- Documentation
- Notification within 60 days when required
Notification Recipients
- Affected clients
- HHS OCR (as required)
- Media if >500 individuals affected